df7037f3b1c5297496881e8a96fd3c2653fe8504a7359ac4d7e7403b53ec7bc6

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/10/2023, 17:19

Target

NEAS.4b2267b137a188bc8731efd5ba057f30.exe
Size

16KB
MD5

4b2267b137a188bc8731efd5ba057f30
SHA1

ebd4efdbbc489d47170141e6e3ccf066ba3933ee
SHA256

df7037f3b1c5297496881e8a96fd3c2653fe8504a7359ac4d7e7403b53ec7bc6
SHA512

7a75692957de72202bb3e7ece38bdf4584f6e6532dc70c4d0ac3c5fe565292372ff401e93e9b7d89099a4ba8747588406ee33ea2358279d251f2c0f2bdf9956c
SSDEEP

192:yQBggb9Q2bekJxqhzCIIIQlTtGSdxOjoEMIph3SfrS9XnHSM:yQ3bXykJxqhz9QhtGSdY50rS9XHS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2896	2508	WerFault.exe	12

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2896	2508	NEAS.4b2267b137a188bc8731efd5ba057f30.exe	28
PID 2508 wrote to memory of 2896	2508	NEAS.4b2267b137a188bc8731efd5ba057f30.exe	28
PID 2508 wrote to memory of 2896	2508	NEAS.4b2267b137a188bc8731efd5ba057f30.exe	28
PID 2508 wrote to memory of 2896	2508	NEAS.4b2267b137a188bc8731efd5ba057f30.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.4b2267b137a188bc8731efd5ba057f30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.4b2267b137a188bc8731efd5ba057f30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 36
  2⤵
  - Program crash
  PID:2896